VirSCAN

1. You can upload any file no larger than 20 megabytes.
2. VirSCAN can scan compressed files in ZIP and RAR format, provided the archive contains no more than 20 files.
3. VirSCAN can scan password-protected archives whose password is 'infected' or 'virus'.
4. If your browser cannot upload the file, please download the VirSCAN uploader and use it to upload.

Basic information

File name: 00极品家丁
File size: 420657
File type: application/x-dosexec
MD5: e13bc68b709b116ce81598250e7c5a7f
sha1: f2f326c8988fe40bd02505c082fe4070c6601739

CreateProcess

ApplicationName: C:\ProgramData\oivac.exe
CmdLine:
childid: 2368
childname: oivac.exe
childpath: C:\ProgramData\oivac.exe
drop_type: 1
name: 1621247451077_e13bc68b709b116ce81598250e7c5a7f.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1621247451077_e13bc68b709b116ce81598250e7c5a7f.exe
pid: 2376
ApplicationName:
CmdLine:
childid: 2376
childname: 1621247451077_e13bc68b709b116ce81598250e7c5a7f.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1621247451077_e13bc68b709b116ce81598250e7c5a7f.exe
drop_type:
name:
noNeedLine:
path:
pid: 2432

Summary

buffer: C:\ProgramData\oivac.exe
processid: 2368
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
type: REG_SZ
valuename: Microsoft® Windows® Operating System

Dropped Safe

analysis_result: Safe
create: 0
how: write
md5: a52d6cb53c4c31e9f5ad53a356adf9dd
name: Mira.h
new_size: 150KB (153811bytes)
operation: Modify file
path: C:\ProgramData\Saaaalamm\Mira.h
processid: 2376
processname: 1621247451077_e13bc68b709b116ce81598250e7c5a7f.exe
sha1: 4e9b2d208dc3c3a6e23decb0a7d7381c73f7b101
sha256: f6bc441488529eadccfef115d11fa10c5cb8cb125b6c08c52a2bbc144bd4f7d8
size: 153811
this_path: /data/cuckoo/storage/analyses/6000871/files/1001/Mira.h
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: f9aba07121cebbcc4554de4288577299
name: $Recycle.Bin .exe
new_size: 410KB (420659bytes)
operation: Modify file
path: C:\$Recycle.Bin .exe
processid: 2368
processname: oivac.exe
sha1: 2b4e47ac4ec1f70ce108d78ea8a745c1254f2302
sha256: 912b2f0fe737a7beab18d6549cd3ac6f626743d160deaba1f6b9654ee3057e73
size: 420659
this_path: /data/cuckoo/storage/analyses/6000871/files/1002/$Recycle.Bin .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 88d971bf4b29e3f470bfc95d8d0d3fbe
name: aGYiEcigc .exe
new_size: 410KB (420659bytes)
operation: Modify file
path: C:\aGYiEcigc .exe
processid: 2368
processname: oivac.exe
sha1: cce7263de468ed23c6f834a17c48945d4deaa16e
sha256: f9ed4083803778606325deaccd5be9d1cf8cc90bd2a84e661469e62290cec771
size: 420659
this_path: /data/cuckoo/storage/analyses/6000871/files/1003/aGYiEcigc .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: e77587ba495d3ee17310abcdd3a0643d
name: Documents and Settings .exe
new_size: 410KB (420659bytes)
operation: Modify file
path: C:\Documents and Settings .exe
processid: 2368
processname: oivac.exe
sha1: f3cd3c7562ce0ee7bef2ddec3a14f5054932a163
sha256: f1446916a8673f2edaa3501d07a8d55f5b0a2c4c0354ae5e4710fdc7b140cced
size: 420659
this_path: /data/cuckoo/storage/analyses/6000871/files/1004/Documents and Settings .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: d0bfe0d3ffca7a207ebf343cdc9486fb
name: KRYNNDEZPL .exe
new_size: 410KB (420659bytes)
operation: Modify file
path: C:\KRYNNDEZPL .exe
processid: 2368
processname: oivac.exe
sha1: b129966104730d46bb0d998632c96eda1bd4c227
sha256: 613f6c7d27c886fe6bed0593e2c04690a788a931f5abd41f2c5d6ead34db8c0b
size: 420659
this_path: /data/cuckoo/storage/analyses/6000871/files/1005/KRYNNDEZPL .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 3830f9a6f878d4aa579a18b9cff305e1
name: mnlsx .exe
new_size: 410KB (420659bytes)
operation: Modify file
path: C:\mnlsx .exe
processid: 2368
processname: oivac.exe
sha1: 6d35ccc604120b9f7d15314a6ccd4fb15d481bb2
sha256: 23dc70ae68e311c0846e54edd9d54073bef2cbfbb9a3d70151a014383cafcf4a
size: 420659
this_path: /data/cuckoo/storage/analyses/6000871/files/1006/mnlsx .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: bb07cbd7c7f9d0295f8bc1fa370717a2
name: MSOCache .exe
new_size: 410KB (420659bytes)
operation: Modify file
path: C:\MSOCache .exe
processid: 2368
processname: oivac.exe
sha1: 0237bd4a8719ea646be85e533cc4d00148d58319
sha256: 5dda25de9cb7dadaa2b17a70a515dc6311bf1c3325e39ffdf24d13b8881e979f
size: 420659
this_path: /data/cuckoo/storage/analyses/6000871/files/1007/MSOCache .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: c0f6e04edab030afb02335559a9bf31d
name: pagefile.sys .exe
new_size: 410KB (420659bytes)
operation: Modify file
path: C:\pagefile.sys .exe
processid: 2368
processname: oivac.exe
sha1: 9074e5b6f45ce513cf9d502fe007c2e76dd148b2
sha256: 55a69283b6562eee7ad177211ece61a08f537fc6f5a27df9b4c205a3c5a669ee
size: 420659
this_path: /data/cuckoo/storage/analyses/6000871/files/1008/pagefile.sys .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 9118ebb186709925afdf1843f2a7a502
name: PerfLogs .exe
new_size: 410KB (420659bytes)
operation: Modify file
path: C:\PerfLogs .exe
processid: 2368
processname: oivac.exe
sha1: bc88b59cbbdef07cbcc4ff561a734cd1685564b6
sha256: cdb2bc41b992ad214244829d21f8c9a6629859b35144881e91d0575c428ebf84
size: 420659
this_path: /data/cuckoo/storage/analyses/6000871/files/1009/PerfLogs .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 722b1c54136e23a72eeda1f148fbfb09
name: Program Files .exe
new_size: 410KB (420659bytes)
operation: Modify file
path: C:\Program Files .exe
processid: 2368
processname: oivac.exe
sha1: 2ccb25cef139e2bbe5abbc9f5e31b79af3e34756
sha256: 9d20210b6da081a03a9cc0025e49941ab08f9a3d5e314fcbe16ad948a83c3dac
size: 420659
this_path: /data/cuckoo/storage/analyses/6000871/files/1010/Program Files .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 1d31f0bafddd3c7e59e6bc4ef0563da6
name: Program Files (x86) .exe
new_size: 410KB (420659bytes)
operation: Modify file
path: C:\Program Files (x86) .exe
processid: 2368
processname: oivac.exe
sha1: ea34b33996258ce6d3acde99bbb43fbd01688b9f
sha256: 6b0bb4bc16e11ad1cba37745898ca234a46a4c8e2b85c414624f095ae760df6a
size: 420659
this_path: /data/cuckoo/storage/analyses/6000871/files/1011/Program Files (x86) .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: afb5820670c2fbc7d910609c68af3b18
name: ProgramData .exe
new_size: 410KB (420659bytes)
operation: Modify file
path: C:\ProgramData .exe
processid: 2368
processname: oivac.exe
sha1: b1f52be9eb413f3737ef43af056b65716f0f167c
sha256: 5ca73bb80f8ef70dea197d4c47c767ccf9130730ce0ea1261c3d41d762e4df4d
size: 420659
this_path: /data/cuckoo/storage/analyses/6000871/files/1012/ProgramData .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: db073289daf8188f982ef6db9b658ebc
name: Python27 .exe
new_size: 410KB (420659bytes)
operation: Modify file
path: C:\Python27 .exe
processid: 2368
processname: oivac.exe
sha1: 7d64fc66ec3c803d26d1d1541d70bcd5536bca3f
sha256: 7325e132de5f6321a69b7cce861e067e061d01e440ed6601c68b5140eb996309
size: 420659
this_path: /data/cuckoo/storage/analyses/6000871/files/1013/Python27 .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 307eddb32cd81d3e41783a44c7538382
name: Recovery .exe
new_size: 410KB (420659bytes)
operation: Modify file
path: C:\Recovery .exe
processid: 2368
processname: oivac.exe
sha1: cf268c5b8d11839e4afd864fd06bb9c1fdcd62fd
sha256: ed63048fcb39e7aa8dac04e2c7ce078638ec6a9651c9af798d2078e52dcacccb
size: 420659
this_path: /data/cuckoo/storage/analyses/6000871/files/1014/Recovery .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 5deb3afca83d5d49e83a4050d4d91844
name: System Volume Information .exe
new_size: 410KB (420659bytes)
operation: Modify file
path: C:\System Volume Information .exe
processid: 2368
processname: oivac.exe
sha1: 940cf3649767db8c9f97a53451350a3d1f6f4446
sha256: 1dd2e08e5a358c6e974c70579b9964a4178fc69b7c1953cb762f5071060153f0
size: 420659
this_path: /data/cuckoo/storage/analyses/6000871/files/1015/System Volume Information .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: b6e16723d84d0b60006eaa618a726070
name: Users .exe
new_size: 410KB (420659bytes)
operation: Modify file
path: C:\Users .exe
processid: 2368
processname: oivac.exe
sha1: 80e2220e733c88649fb1b234b29bb094b1995791
sha256: a774575487de8b29f775b850756e911226cb45a2f08a4bde2125e0deafb576dc
size: 420659
this_path: /data/cuckoo/storage/analyses/6000871/files/1016/Users .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
analysis_result: Safe
create: 0
how: write
md5: 82c4954ee2e53207d030c52e49843046
name: Windows .exe
new_size: 403KB (413398bytes)
operation: Modify file
path: C:\Windows .exe
processid: 2368
processname: oivac.exe
sha1: 5cc45a35c8617685e8bee519ddac4c1b1a6e2bf6
sha256: aeaf6946b98fa1dc9e9173896de984c705ec0710269d9824cf2d187f3643fb1d
size: 413398
this_path: /data/cuckoo/storage/analyses/6000871/files/1017/Windows .exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Dropped Unsafe

analysis_result: Trojan.Win32.Agent.nezvfi
create: 0
how: write
md5: 4367bd6b2498931f72783ab79f94743b
name: oivac.exe
new_size: 260KB (266836bytes)
operation: Modify file
path: C:\ProgramData\oivac.exe
processid: 2376
processname: 1621247451077_e13bc68b709b116ce81598250e7c5a7f.exe
sha1: 72b2d6abc76b0bb17f3ba53ffa849bd48e19a58f
sha256: 4d759762a3390f2c85da921ca87f6c33be2c1a9cffb9b1115eafd9df9a292439
size: 266836
this_path: /data/cuckoo/storage/analyses/6000871/files/1000/oivac.exe
type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows

Malicious

attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 3
process_id: 2376
process_name: 1621247451077_e13bc68b709b116ce81598250e7c5a7f.exe
rulename: Change memory region to readable, writable and executable
attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for specified target files by enumerating files
num: 30
process_id: 2376
process_name: 1621247451077_e13bc68b709b116ce81598250e7c5a7f.exe
rulename: Enumerate files
attck_tactics: Defense evasion
level: 2
matchedinfo: Modifies the "show hidden files" setting in order to hide files
num: 180
process_id: 2376
process_name: 1621247451077_e13bc68b709b116ce81598250e7c5a7f.exe
rulename: Query hidden-file setting
attck_tactics: Persistence
level: 2
matchedinfo: The malicious program modifies the registry so that it starts automatically with the system, in order to retain long-term control of or residence on the system
num: 8
process_id: 2368
process_name: oivac.exe
rulename: Write autostart registry key, add autostart entry 2
attck_tactics: Basic information gathering
level: 1
matchedinfo: Searches for specified target files by enumerating files
num: 18
process_id: 2368
process_name: oivac.exe
rulename: Enumerate files